
A few days ago I installed "Free MKV to AVI Converter". Unwisely, I hastily clicked through the installation process (Is CNET no longer a trustworthy source?). Almost immediately, Avira alerted me to problem files and I noticed Shopping Pro and Neurowise in my Add/Remove window. Alas, my MBAM software was out of date.

I googled some guidelines and started running the gamut of scans and uninstallers, in sequences given by various guidelines: ADWCleaner, RevoUninstaller, HitmanPro, CCleaner, MBAM (updated), Emsisoft, over and over the last 4 days. Also in Safe Mode. Almost all would report malicious or PUP files, which would be cleaned, but then more files would return after a reboot.

I noticed also that User Appdata folders remained hidden even though I've set folder view options to show hidden and system files (the scanning software would often pick up files in these folders). In trying to gain access to these, I foolishly mucked around with user permissions as well and I believe I have made a hash of it. I've also tried installing MVP's host file, as a belated measure and not sure what exactly the malware is aiming at. One time it did replace the original hosts file, but now, when I run the batch file, I get "access denied" messages.

One of these files that persisted especially was a roaming profile for Firefox (pref.js) but, when reported by ADWCleaner in their Firefox tab, the path and file name is blocked off by 5 hashtags at both ends. E.g.:

And every now and again Shopping Pro or some other unknown software would reappear in my Add/Remove list. Other names that would be picked up by scanners and removal tools include: Linkury.Gen2, VO Package, Smartbar. I found and deleted, via CCleaner, Installer_geforce in my startup. On some occasions there would be other unknown files in the startup list as well; removed, but they would return.

I've tried restoring my machine to a point before I installed the malware, but Windows was unable to do so. In the meantime, out of desperation (I have a conference paper to write), I started, unwisely I suppose, to run more complicated scanners - Rootkiller before running ADWCleaner etc.

I would reset Firefox, hoping to get rid of that roaming profile, but no go. At some point I would get an error message when trying to open Firefox - that it was already running. I thus uninstalled it, installed an older Firefox, etc., but to no avail. (I'm back with the latest Firefox.)

I then ran RogueKiller, Avast Browser Cleanup, and some of the above again. Avira also, which picked up about 70 Linkury.Gen2 files. But ADWCleaner still lists that hash-tagged roaming Firefox profile, so I doubt that, after 4 days of scans, I am rid of the malware.

The question now is: Cleaning via, hopefully, BleepingComputer help, or a reinstallation (and all the user tweaking and Windows updating that that involves)? And also, is it reasonably safe to work on this machine? (My documents are saved on another partition).


Having run all that, we will need a deeper look to see where it's hooked.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic. Let me know if all went well.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook


It seems I have cleaned out the muck. I eventually tracked down the startup files for the adware and my anti-virus, MBAM, Emsisoft all report no malicious files. I will in any case be switching to a new machine in the next few weeks, so I'll leave it at that.
